RPC Server Is Unavailable
Display name and GPO audit
Hi,
I seem to have a hard time figuring out the following:
I want to be able to monitor deletion of GPOs and which person did this. For now I'm able to get the event IDs OK (5141); the problem is I only get the DN of the policy.
When I create a GPO it gives me the display name of the policy and that is what I want!
Is there a way for AD to show me the display name of the policy instead of only the DN when deleting a GPO?
Kind regards,
Eirik
Group Policy Backup Retention
I am planning on implementing a Group Policy backup for our environments using the script on the attached page (with some edits for our environment). One thing we are not sure of is how long of a retention policy we should maintain and how often we should back up.
http://blogs.msdn.com/b/canberrapfe/archive/2012/04/10/backing-up-gpos-with-a-powershell-script.aspx
One thought is to back up on Friday nights and keep 4 backups for 30 days' worth. Does anyone have a better recommendation than this?
User Configuration Not Applying Unless Computer OU Linked
Hello,
I've been having difficulty discovering the cause of, and resolving, an issue that I started experiencing a couple of days ago.
When users logged on in the morning, the majority of our GPOs were suddenly no longer being applied. Running gpresult under the context of a standard domain user showed that while some GPOs were showing and being either applied or denied, most of them were showing their UID rather than display name and had a denied reason of 'Inaccessible'.
When attempting to browse to the SYSVOL folders of the inaccessible GPOs, access was denied due to not having permissions. On checking these, the permissions seemed to have been changed from the standard read and execute to none for the 'Authenticated Users' group.
Correcting these permissions seemed to make the GPOs disappear from gpresult entirely. After going through each GPO, the commonality between the ones that were applying was that they were linked to a computer OU (either directly or by linking to the domain).
Taking one of the previously inaccessible GPOs that contained user-only configuration and linking it to a computer OU caused the GPO to suddenly appear in gpresult for the users (I would assume only for users on machines that were on the linked computer OU).
My only explanation was that somehow loopback processing was taking place, however this was not set on any of the affected GPOs.
It's difficult for me to find any root cause - this did happen the day after I installed updates on one of the domain controllers.
The forest functional level is Server 2003. The DC with all the roles is a 2003 server; we also have 2008 R2 (one of which was the one that was updated) and 2012 DCs. We just have one domain.
I restarted the updated DC into Directory Services Restore Mode and ran an integrity check and semantic database analysis after running out of ideas, which I don't believe returned anything problematic.
Running dcdiag on the DCs didn't return any issues.
Any help or suggestion is much appreciated.
Trusted Sites
I currently am trying to implement group policy to allow a trusted site.
When a user logs in the group policy runs fine etc but the site isn't trusted. Registry shows the sites fine, if I run the GPResult it also appears fine but the user cannot access the trusted site.
If the user logs out and logs back in the site is trusted. Why am I having to have my users log in twice in order for the trusted site to take effect?
Thanks,
Tyler
Windows Server 2012 R2 ADMX files
Hello,
I found ADMX files for Windows Server 2012 and Windows 8:
http://www.microsoft.com/en-us/download/details.aspx?id=36991
but I have not found ADMX templates for administering Windows Server 2012 R2 and Windows 8.1.
Have these been published?
I have a DC on WS2012 (not the R2 version) and I must create a GPO for Windows 8.1 deployment.
Thanks,
Snake AG
Windows XP machines don't have access after GP changes.
Hello,
After making some changes to group policy security (disabling both SMB signing and do not store LM hash value) my XP workstations can still sign on to the domain and have file sharing between workstations, but have no access to the server. My Windows 7 machines are experiencing no problems at all. This problem persists even after changing GP settings back to their original values and rebooting the server. I have tried resetting the account on one of the workstations, resulting in no access to the domain at all. This is driving me nuts....HELP! Thanks
Error when adding shared printer to GPP
I'm creating a new GPP for shared printers. This is on Server 2012. I've done this several times before and have never run into this problem. I added 2 printers with no problem but when I try to add the third I get the error "The object selected does not match the type of destination source. Select again." I tried deleting the printer and re-adding it but I get the same error.
Anyone have any idea what is going on and how to fix it? Like I said, I've created GPP for printers several times before and have not run into this problem. I tried searching for the error but haven't found anything helpful.
Jonathan
Adding "favorites" to users Internet Explorer in Server 2012
Scott Cummins
Need to restrict the ability for a user to move or delete common folder
Not sure if this is possible but......
Have had many occasions where users have accidentally moved or deleted common folders on the network drives, even their own. Is there a way I am able to restrict deletion\moving of folders but still allow the user to have write access to folders?
Cheers,
GPO's 'Run specific programs' policy and Control Panel
Hello,
I'm a trainee technician so everyone bear with me, I'm learning.
The problem I have atm is with Group Policies to roll out Windows 7 at a school I'm based at. It's a massive learning curve and finding the old issue.
I'm stuck with one in particular right now and that's allowing access to specific Control Panel items. In our GPOs we have nothing denying access to the CP other than what items they can see, i.e. Sound, Date and Time etc. We're then applying the policy that states which programs can be launched by entering their executable file names like iexplorer.exe and so on. Here then lies what I believe the problem is: when I go to add .cpl items and control.exe itself, the target client computer still denies access to the CP items. I've tried many different path names ending in .cpl and the like, but to no avail.
Can anyone help figure out what the issue may be? Does that particular policy only take .exe paths? And like I said, there's no other policy which states deny access to the CP, only hides certain items.
Thanks,
Dan
Add builtin group Interactive to the builtin group Administrators through Group Policy?
USB Block 2012 policy error
I have implemented a group policy on a 2012 domain controller to block the USB removable device. The group policy was successfully deployed and the USB device was blocked. But when I removed the group policy, I found that it had disabled the USB storage driver. In Device Manager it is showing an exclamation mark. I then have to uninstall it and install the driver manually on the machine again. Then it works. It becomes a manual process.
We have done Gpupdate on both Domain Controller and on the client Machine. I have run the rsop also.
Windows Password complexity settings
Hi,
I have an Active Directory network with several DCs; the OSes of the servers range from Windows 2003 to 2012.
I need to create a new user which is going to have a fixed password, so I want to make sure it has a complex password to try and negate the security issues, but no matter what I enter as the password I am told it does not meet the complexity requirements of my network, apart from if I just use something like Passw0rd.
The settings I have in place are:
- Enforce password history: 4 passwords remembered
- Maximum password age: 42 days
- Minimum password age: 20 days
- Minimum password length: 6 characters
- Password must meet complexity requirements: enabled
- Store password using reversible encryption: enabled
I have tried password like
@ccess_from_IIS_2_network
but this apparently does not meet complexity requirements.
Can anyone help?
Thanks
alamb200
User profile picture GPO is not working
Hi,
Recently I created a GPO on Server 2008 R2 to apply our company logo to all machines (Win7 & Win8) in the domain, as the user profile picture.
After GPUPDATE those images are being downloaded to all domain machines (to C:\ProgramData\Microsoft\User Account Pictures) but are not showing at the logon screen/lock screen.
Picture specs are 128x128.
The picture location is shared to all domain computers and authenticated users.
MUCH APPRECIATE ANY HELP
Thanks,
Rafi
Windows 2012 R2/Windows 8.1 GPO Folder Redirection Woes
So now I am starting to use windows 8.1 and Windows 2012 R2. DCs are 2012R2, Forest Level 2012 R2, Domain Level 2012 R2. Folder Redirection works for Windows 7, Windows 8, 2008, 2008 R2, 2012. Does not work for Windows 8.1/2012R2. No errors are logged in event viewer, says completed successfully. GPResult /v only says:
Folder Redirection
------------------
N/A
Group Policy Results Wizard says:
Component Name | Status | Time Taken | Last Process Time | Event Log |
---|---|---|---|---|
Group Policy Infrastructure | Success | 218 Millisecond(s) | 11/9/2013 12:28:30 PM | View Log |
ConfigMgr User State Management Extension. | Success | 32 Millisecond(s) | 11/9/2013 12:28:30 PM | View Log |
Folder Redirection | Success | 31 Millisecond(s) | 11/9/2013 12:28:30 PM | View Log |
I have tried disabling all other policies (computer and User) except the one that has the folder redirection with no luck. I have tried putting Folder redirection in its own GPO, no luck.
NONE of the following are checked in the Folder redirection (but I have tried it both ways for each):
- Grant the User exclusive rights to ....
- Move the contents of ....... to the new location
- Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems.
DCDiag returns no errors. Sysvol is replicating properly between both DCs.
Everything else EXCEPT Folder redirection applies properly.
Thanks!
Group policy - Win8 + IE10 and XP + IE8
A policy is set for Windows 8 and IE10 users.
But sometimes, the Win8 users have to log on to XP machines with IE8.
I find that in the Win8 group policy, the internet config can be set with IE10 (1st) and IE8 (2nd) priority,
but it does not work when the users log on to XP with IE8.
Thanks for your help
GPMC Unable to Save Policy after Importing Certificates
Problem: Using GPMC I edit the Default Domain Policy, import a .cer file into Trusted Root Certification Authorities. The Cert shows up properly in the GUI. I exit the policy. I reopen the policy. The cert does not show up in the GUI. The operation is being performed on the terminal server console of the PDC emulator. No error message is received, nothing in the logs indicating a problem.
Editing the User portion of the Default Domain Policy operates correctly (i.e. changes made are saved).
Environment: 2008R2, Forest functional level - Windows Server 2003.
Troubleshooting performed: run GPMC as administrator, verified NTFS permissions for the sysvol subfolder where the registry.pol file is saved, disabled all third party AV and filter drivers. Procmon analysis performed by Microsoft Premier engineer. Internet searches revealed nothing useful thus far.
We have many other domains for which we've performed this import without issue. Any guidance would be greatly appreciated.
WMI Filter for 2008 R2 OS
Hi,
I'm currently trying to find a WMI Filter/Query to use with GPOs that will only impact Windows Server 2008 R2 Servers.
I have noticed plenty of WMI Filters that hit certain "versions" of Windows (e.g. 2008 R2 AND Windows 7, as per http://social.technet.microsoft.com/Forums/windowsserver/en-US/a5438b5a-13f0-4b0a-9f49-e99942657c49/wmi-filter-for-os?forum=ITCG), however, I would like to ensure that the WMI filter is specifically for the Windows Server OS (regardless of the service pack level on 2008 R2).
Would someone be able to assist me with this please?
Thanks in advance
Windows 8.1 will not allow me to access my local account
OK, so I downloaded Windows 8.1 2 days ago. Ever since I downloaded it my computer started to lag and it would take 5 min to log out and in (it was never that slow), and to access the internet it would take even longer. I tried to log out of Windows 8.1 but whenever I tried to switch to a local account it would always say "Windows couldn't connect to the Group Policy Client service. Please consult your system administrator." Can someone please help me?